Releases: gravitational/teleport

Teleport 17.4.3

09 Apr 01:44
3a164fd

Description

  • Fixed throttling in the DynamoDB backend event stream for tables with a large number of stream shards. #53804
  • Support for managing the Bot resource in the Teleport Kubernetes Operator. #53708
  • Kubernetes app discovery now supports an additional annotation for apps that are served on a sub-path of an HTTP service. #53094

Enterprise:

  • Fix Okta Integration Update Flow when the Okta integration credentials are updated from SSWS API tokens to OAuth-based credentials.
  • "Bidirectional Sync" option added to the Okta Integration, allowing for a "read-only" integration where changes are only synced from Okta to Teleport.
  • Fix SCIM sync for Okta plugins with OAuth credentials.

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Plugins

Download the current release of Teleport plugins from the links below.

Teleport 17.4.2

02 Apr 00:08
cd8f06a

Description

  • Reduced resource consumption and improved latency of tsh ssh. #53645
  • Fixed an issue where an expired app session would not redirect to the login page when Teleport is using the DynamoDB backend. #53591
  • Workload ID: Support for adding custom claims to JWT-SVIDs. #53585

Teleport 17.4.1

29 Mar 04:34
7c35af1

Description

  • Fix a bug causing the discovery service to fail to configure Teleport on discovered nodes when managed updates v2 are enabled. #53543

Teleport 17.4.0

28 Mar 03:35
2a979e2

Description

Database access for Oracle RDS

Teleport database access now supports connecting to Oracle RDS with Kerberos
authentication.

AWS integration status dashboard

Teleport web UI now provides a detailed status dashboard for AWS integration as
well as the new "user tasks" view that highlights integration issues
requiring user attention along with suggested remediation steps.

Windows desktop improvements

Teleport now supports registering the same host twice: once as a domain-joined
machine, and once as a standalone machine. This allows Teleport users to
connect as Active Directory users and local users to the same host.

Other fixes and improvements

  • Enable support for joining Kubernetes sessions in the web UI. #53450
  • Fixed an issue where tsh proxy db does not honour --db-roles when renewing certificates. #53445
  • Fixed an issue that could cause backend instability when running very large numbers of app/db/kube resources through a single agent. #53419
  • Added static_jwks field to the GitLab join method configuration to support cases where Teleport Auth Service cannot reach the GitLab instance. #53413
  • Introduced workload-identity-aws-ra service for generating AWS credentials using Roles Anywhere directly from tbot. #53408
  • Helm chart now supports specifying a second factor list, which simplifies setting up SSO MFA with the teleport-cluster chart. #53319
  • Improved resource consumption when retrieving resources via the Web UI or tsh ls. #53302
  • Added support for topologySpreadConstraints to the teleport-cluster Helm chart. #53287
  • Fixed rare high CPU usage bug in reverse tunnel agents. #53281
  • Fixed an issue where PostgreSQL via WebUI fails when IP pinning is enabled. PostgreSQL via WebUI no longer requires Proxy to dial its own public address. #53250
  • Added overview information to "Enroll New Resource" guides in the web UI. #53218
  • Added support for SendEnv OpenSSH option in tsh. #53216
  • Added support for using DynamoDB Streams FIPS endpoints. #53201
  • Allow AD and non-AD logins to single Windows desktop. #53199
  • Workload ID: support for attesting Systemd services. #53108

Enterprise:

  • Fixed Slack plugin failing to enroll with "need auth" error in the web UI.

Teleport 16.5.0

28 Mar 20:42
cc6802a

Description

Automatic Updates

16.5 introduces a new automatic update mechanism for system administrators to control which Teleport version their
agents are running. You can now configure the agent update schedule and desired agent version via the autoupdate_config
and autoupdate_version resources.

Updates are performed by the new teleport-update binary.
This new system is package manager-agnostic and opt-in. Existing agents won't be automatically enrolled; you can enroll
existing 17.3+ agents by running teleport-update enable.

teleport-update will become the new standard way of installing Teleport as it always picks the appropriate Teleport
edition (Community vs Enterprise), the cluster's desired version, and the correct Teleport variant (e.g. FIPS-compliant
cryptography).

You can find more information about the feature in our documentation.

Package layout changes

Starting with 16.5.0, the Teleport DEB and RPM packages, notably used by the apt, yum, dnf and zypper package
managers, will place the Teleport binaries in /opt/teleport instead of /usr/local/bin.

The binaries will be symlinked to their previous location; no change should be required in your scripts or systemd units.

This change allows us to do automatic updates without conflicting with the package manager.

Readiness endpoint changes

The Auth Service readiness now reflects the connectivity from the instance to
the backend storage, and the Proxy Service readiness reflects the connectivity
to the Auth Service API. In case of Auth or backend storage failure, the
instances will now turn unready. This change ensures that control plane
components can be excluded from their relevant load-balancing pools. If you want
to preserve the old behaviour (the Auth Service or Proxy Service instance stays
ready and runs in degraded mode) in the teleport-cluster Helm chart, you can
now tune the readiness setting to have the pods become unready after a high
number of failed probes.

Other improvements and fixes

  • Fix a bug causing the discovery service to fail to configure Teleport on discovered nodes when managed updates v2 are enabled. #53544
  • Enable support for joining Kubernetes sessions in the web UI. #53456
  • Fix an issue where tsh proxy db does not honour --db-roles when renewing certificates. #53446
  • Added static_jwks field to the GitLab join method configuration to support cases where Teleport Auth Service cannot reach the GitLab instance. #53412
  • The teleport-cluster Helm chart now supports tuning the pod readiness. #53353
  • Fix panic when trimming audit log entries. #53307
  • Improve resource consumption when retrieving resources via the Web UI or tsh ls. #53303
  • Fixed rare high CPU usage bug in reverse tunnel agents. #53282
  • Add support for SendEnv OpenSSH option in tsh. #53217
  • Add support for using DynamoDB Streams FIPS endpoints. #53202
  • Workload ID: support for attesting Systemd services. #53109
  • Machine ID: Added warning when generated certificates will not last as long as expected. #53103
  • Improve latency and reduce resource consumption of generating Kubernetes certificates via tctl auth sign and tsh kube login. #52147

Teleport 17.3.4

20 Mar 02:32
29c19ac

Description

  • Improved clarity of error logs and addressed UX edge cases in teleport-update, part 2. #53197
  • Fixed the teleport-update systemd service in CentOS 7 and distros with older systemd versions. #53196
  • Fixed panic when trimming audit log entries. #53195
  • Fixed an issue causing the teleport process to crash on group database errors when host user creation was enabled. #53082
  • Workload ID: support for attesting Docker workloads. #53069
  • Added a --join-method flag to the teleport configure command. #53061
  • Improved clarity of error logs and addressed UX edge cases in teleport-update. #53048
  • The event handler can now generate certificates for DNS names that are not resolvable. #53026
  • Machine ID: Added warning when generated certificates will not last as long as expected. #53019
  • Improve support for teleport-update on CentOS 7 and distros with older systemd versions. #53017
  • You can now use == and != operators with integer operands in Teleport predicate language. #52991
  • Workload ID: support for attesting Podman workloads. #52978
  • Web UI now properly shows per-session MFA errors in desktop sessions. #52916
  • Allow specifying the maximum number of PKCS#11 HSM connections. #52870
  • Resolved an issue where desktop session recordings could have incorrect proportions. #52866
  • The audit log web UI now renders Teleport Autoupdate Config and Version events properly. #52838
  • Fixed terraform provider data sources. #52816

Enterprise:

  • Fixed Slack plugin failing to enroll with "need auth" error in the web UI.
  • Added checks to opsgenie and servicenow plugin to cause enrollment to fail if the provided config is invalid.

Teleport 16.4.18

18 Mar 20:26
22ce944

Description

  • Fixed an issue causing the Teleport process to crash on group database errors when host user creation was enabled. #53080
  • Workload ID: support for attesting Docker workloads. #53070
  • The event handler can now generate certificates for DNS names that are not resolvable. #53063
  • Added a --join-method flag to the teleport configure command. #53060
  • Workload ID: support for attesting Podman workloads. #52980
  • Web UI now correctly displays errors in desktop sessions when a required WebAuthn MFA device is missing. #52917
  • Allow specifying the maximum number of PKCS#11 HSM connections. #52880
  • Resolved an issue where desktop session recordings could have incorrect proportions. #52868
  • Resolved an issue that could cause WebSocket errors to appear after the graceful shutdown of a desktop session. #52868
  • Updated golang.org/x/net (addresses CVE-2025-22870). #52847
  • Fix terraform provider data sources. #52817
  • Machine ID: Added new Prometheus metrics to track success and failure of renewal loops. #52729

Enterprise:

  • Reduce resource consumption resolving Okta applications during login. #6088

Teleport 17.3.3

06 Mar 20:25
22bc617

Description

  • Updated golang.org/x/net (addresses CVE-2025-22870). #52846
  • Fix the issue with multiple Okta app links that is causing a high level of Okta API usage. #52841

Teleport 16.4.17

06 Mar 06:39
036406a

Description

  • Escape user-provided labels when creating the shell script that enrolls servers, applications and databases into Teleport. #52705
  • Support setting the public address for discovered apps based on Kubernetes annotations. #52701
  • Workload ID: Support for Teleport Predicate Language in Workload Identity templates and rules. #52565
  • Fixed "cannot execute: required file not found" error with the teleport-spacelift-runner image. #52561
  • Added support for X509 revocations to Workload Identity. #52502
  • Updated go-jose/v4 to v4.0.5 (addresses CVE-2025-27144). #52468
  • Updated /x/crypto and /x/oauth2 (addresses CVE-2025-22869 and CVE-2025-22868). #52438
  • Logging out from a cluster no longer clears the client autoupdate binaries. #52338
  • Added JSON response support to the /webapi/auth/export public certificate API endpoint. #52326
  • Resolved an issue with tbot where the web proxy port would be used instead of the SSH proxy port when ports separate mode is in use. #52309
  • Fixed Azure SQL Server connection failures when the database agent runs on a VM scale set. #52268
  • Removed the ability of tctl to load the default configuration file on Windows. #52189
  • Added support for non-FIPS AWS endpoints for IAM and STS on FIPS binaries (TELEPORT_UNSTABLE_DISABLE_AWS_FIPS=yes). #52129
  • Introduced the allow_reissue property to the tbot identity output for compatibility with tsh based reissuance. #52115

Enterprise:

  • Reduce resource consumption resolving Okta applications during login.

Teleport 15.4.30

06 Mar 06:39
e8faf5d

Description

  • Escape user-provided labels when creating the shell script that enrolls servers, applications and databases into Teleport. #52706
  • Support setting the public address for discovered apps based on Kubernetes annotations. #52702
  • Fixed "cannot execute: required file not found" error with the teleport-spacelift-runner image. #52562
  • Updated go-jose/v4 to v4.0.5 (addresses CVE-2025-27144). #52469
  • Updated /x/crypto and /x/oauth2 (addresses CVE-2025-22869 and CVE-2025-22868). #52440
  • Added JSON response support to the /webapi/auth/export public certificate API endpoint. #52328
  • Fixed Azure SQL Server connection failures when the database agent runs on a VM scale set. #52269
  • Fixed Postgres database access control privileges auto-provisioning to grant USAGE on schemas as needed for table privileges and fixed an issue that prevented user privileges from being revoked at the end of their session in some cases. #52106

Enterprise:

  • Reduce resource consumption resolving Okta applications during login.
